CVE-2020-15229: Path Traversal

Singularity (an open source container platform) from has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within unsquashfs, it is possible to overwrite/create any files on the host filesystem during the extraction with a crafted squashfs filesystem. The extraction occurs automatically for unprivileged (either installation or with allow setuid = no) run of Singularity when a user attempt to run an image which is a local SIF image or a single file containing a squashfs filesystem and is coming from remote sources library://orshub://.Image build is also impacted in a more serious way as it can be used by a root user, allowing an attacker tooverwrite/createfiles leading to a system compromise, so far bootstrap methodslibrary, shubandlocalimage` are triggering the squashfs extraction. This issue is addressed in Singularity All users are advised to upgrade to especially if they use Singularity mainly for building image as root user.